With Intrusion Prevention enabled on macOS devices, many ARP cache notifications may appear amongst other notifications. 

With the current implementation of the product there is no ability to change the notification settings for each specific type of detection, including ARP cache poisoning attempts.

Understanding the environmental source of ARP requests is key in understanding why ARP Cache Poisoning notifications occur. The following document has information on what triggers these detections: 

ARP Cache Poisoning and ARP Cache Spoofing

https://support.symantec.com/us/en/article.tech94964.html